Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities

Medium Nessus Plugin ID 66810

Synopsis

The remote host contains a web browser that is affected by several
vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X 10.7 or
10.8 host is earlier than 6.0.5. It is, therefore, potentially
affected by several issues :

 - Multiple memory corruption vulnerabilities exist in
 WebKit that could lead to unexpected program termination
 or arbitrary code execution. (CVE-2013-0879 /
 CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 /
 CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 /
 CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 /
 CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 /
 CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 /
 CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 /
 CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 /
 CVE-2013-1023)

 - A cross-site scripting issue exists in WebKit's handling
 of iframes. (CVE-2013-1012)

 - A cross-site scripting issue exists in WebKit's handling
 of copied and pasted data in HTML documents.
 (CVE-2013-0926)

 - In rewriting URLs to prevent cross-site scripting
 attacks, XSS Auditor could be abused, leading to
 malicious alteration of the behavior of a form
 submission. (CVE-2013-1013)

Solution

Upgrade to Apple Safari 6.0.5 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-13-107/

http://www.zerodayinitiative.com/advisories/ZDI-13-108/

http://www.zerodayinitiative.com/advisories/ZDI-13-109/

http://support.apple.com/kb/HT5785

http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html

http://www.securityfocus.com/archive/1/526807/30/0/threaded

Plugin Details

Severity: Medium

ID: 66810

File Name: macosx_Safari6_0_5.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 2013/06/05

Modified: 2018/07/14

Dependencies: 31604

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/06/04

Vulnerability Publication Date: 2013/02/21

Reference Information

CVE: CVE-2013-0879, CVE-2013-0926, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1009, CVE-2013-1010, CVE-2013-1011, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023

BID: 58731, 59326, 59944, 59953, 59954, 59955, 59956, 59957, 59958, 59959, 59960, 59963, 59964, 59965, 59967, 59970, 59971, 59972, 59973, 59974, 59976, 59977, 60361, 60362, 60363, 60364

APPLE-SA: APPLE-SA-2013-06-04-2

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990